From passion to profession: How Alyssa Miller became a leading voice in cybersecurity

From a young age, Alyssa Miller was fascinated by technology and how it can be hacked to function in new ways. At only 12, Alyssa began working as a paper carrier to buy her first computer, on which she taught herself new skills and quenched her curiosity about technology. 

Fast forward to now, and Alyssa has successfully turned her passion into her profession. Not only has she undertaken various leadership roles over her career, but Alyssa is a well-known face in the cybersecurity community today.

Bringing a unique mix of technical expertise and executive presence to the table, Alyssa is a force to be reckoned with in cybersecurity. Today, she's using her platform to change the way we look at the security of our interconnected way of life, and to focus attention on defending privacy and cultivating trust. 

Intrigued by her experience and prominence in the cybersecurity field, we spoke with Alyssa to find out more about her day-to-day and her hopes for the future of cybersecurity.

Thanks so much for joining us today! So, what does a day in the life of Alyssa look like?

Wow, a day in the life, huh? Well I don't know that any two days are the same, but under current conditions with COVID, I have found at least some routine. I usually get up early and hit a workout before I start my day. If the weather is friendly, that's usually hiking, otherwise some other workout. Then it's off to my office in the lower level of my home to get to work.

Work itself can be a lot of different things. Virtual conferences are happening quite often so many days, a good portion of my day is either preparing for or speaking at a virtual conference. I also host a number of live events like webinars, live streams, etc. on behalf of my employer. Other days I might be doing research, digging into security topics centered on Open Source, DevSecOps, and Cloud Native technologies. Sometimes my day is filled with writing blog, website or printed content on similar topics. And of course as an advocate, throughout each day I'm interacting with the community via social media as well. Ultimately, my work days are quite dynamic.

After the work day has ended, that's my time to do my personal research and other work. I usually spend some time working on the book I'm writing. I also might dig into different research I'm working on like Deepfakes or career building in security. There's rarely a dull moment...

As mentioned in the intro, your interest in technology began at a very young age, and now, you're a particularly experienced leader in your field. Could you tell us about that journey?

Sure, it honestly started when I was 4 years old. My dad would bring home his big Zenith computer from work over the holidays. He was an accountant and had to close the books for the year so rather than go into an empty office, he brought it home. In retrospect, he was kind of pioneering work from home in the early 80's. When he wasn't doing work, he'd let me play video games on it and that really sparked my interest. I got involved in some basic computer classes in elementary school and at the age of 12, I saved up enough money and bought myself a PC. I taught myself BASIC programming, modem communications, and learned how to hack a prominent online community system.

I never saw computers as a career, in fact I started at Marquette University as a pre-med major. I was planning to be a doctor. However, after 3 semesters I figured out that wasn't what I wanted to do and so I had to quickly pivot into a different major. Looking through the course catalog, I saw they had a computer science major. Since I already knew how to program I figured that'd be a natural fit. While I was still going to school, I landed a job as a programmer for a large financial technologies company. I spent 9 years as a developer.

I didn't get into security until a manager from the security team asked me to join her security test team. She talked me into it and I became a penetration tester. So thereafter, I was managing the whole team and also their enterprise vulnerability management program, I wasn't even 30 yet. Following that, I spent almost 8 years in consulting roles, managing consulting practices mostly centered on Application Security. Being a former developer, that's where my passion has always been. Most recently, I've transitioned out of consulting and am now working as an Application Security Advocate for Snyk.

Could you tell us a little bit more about what it means to be a Security Advocate?

Security Advocate actually has a bit of a double meaning for me now. At a broader level it describes who I am as a person. I advocate for security practices both within the security community and to broader audiences. I enjoy sharing my ideas through public speaking, blogs, articles, and other media. It's a great way to hear what others think, have them challenge my concepts and also share a lot of the really cool research that I'm doing. It's a great way to connect with folks and help share a little bit of the perspectives I've gained over 15 years in security roles. 

However, Security Advocate has taken on an additional meaning for me since I joined Snyk at the beginning of 2020. It is now my official title professionally. Within that role for Snyk, it's a lot of the same types of activities but carried out on behalf of my employer. My job is to raise awareness of application security and DevSecOps practices within the security community. I'm called upon to share work and research that I do specific to those topics and to build credibility and presence for our company and our products in the security space in particular. But I'm not a salesperson – while my role falls under our marketing organization, I'm not a marketing person. I'm asked instead to simply demonstrate my skills, share my perspectives, and through those activities people will see how the products we offer help solve some of the issues we face in security.

What has been the highlight of your career so far?

It is so hard for me to pick just one. I have had so many opportunities to do really cool things, I've spoken at amazing and high-profile events, I've shared the stage with a lot of great people and I've been able to complete some really awesome research on a variety of topics. 

But one of the things I enjoy most is the impact that I can have on other people. One of my primary focus areas is helping people get their start with a security career. As such I have the opportunity to mentor a lot of people. I think seeing them succeed is probably the greatest highlight in my career. One person in particular I can think of is a woman who I hired to one of my consulting teams. She had no previous cyber security experience when she joined us but had completed some training. Since that time I've been able to watch her career grow, see her get involved and even lead communities within security, see her advocate for others and even get involved in speaking at events herself. Knowing that I had at least some small influence on her career as it was developing is one of the most rewarding experiences ever.

Today, you're a notable driving force in the cybersecurity community. What changes are you hoping to make and see?

If I could make just one change to the security community it would be to see us really embrace empathy and diversity. There are still too many in this community who want to gatekeep, to put artificial and often times irrelevant requirements on people in order for them to be considered legitimate. It's frustrating to see people treated poorly by prominent members of the security community simply because those prominent folks are insecure and worried that someone smarter, more talented or more skilled might take attention away from them. Women, LGBT, People of Color and other under-represented groups in our industry are particularly popular targets for this type of behavior. It's slowly changing but it's a tough ship to turn and I'd like to see us do more overall to stamp out those behaviors once and for all.